We have a samba server running on linux with winbindd. We want the linux passwd file to be consulted first, and then if it fails, continue on to use winbind. I did not set this up, and I've never administrated a samba server before. I have read the O'Reilly Using Samba book, and looking at the config files I believe it is set up to get the desired behavior.
/etc/nsswitch.conf has: passwd: files winbind shadow: files winbind group: files winbind /etc/pam.d/system-auth has: auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth sufficient /lib/security/pam_winbind.so use_first_pass auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so broken_shadow account sufficient /lib/security/pam_localuser.so account sufficient /lib/security/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/pam_winbind.so account required /lib/security/pam_permit.so password requisite /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/pam_winbind.so use_authtok password required /lib/security/pam_deny.so session optional /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 session required /lib/security//pam_limits.so session required /lib/security/pam_unix.so However, every time a user who exists only on the linux side authenticates I see a message like this in winbindd.log: [2007/04/02 17:18:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'XXXX' does not exist This makes me think that it's authenticating using winbind first. So my questions are: 1) Am I correct that the log messages I see mean that it's authenticating using winbind first? 2) If so, how do I make it use the linux files before winbind? 3) If not, why do I get those messages, and what do that mean? TIA! -larry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba